I moved my DNS setup for my domain names over to Cloudflare a while back. People much more knowledgeable than I mentioned they liked it…in particular the proxying of your IP addresses. I like this additional layer of privacy since I’m self-hosting some services I’ve made available online. My personal IP address is not visible to the internet at large.

However, self-hosting these services means that I need to set up dynamic DNS. My IP address will occasionally change, and I need dynamic DNS to ensure my services remain available after an IP address change.

Ultimately, I settled on the Linuxserver ddclient Docker container. I used several of their other Docker containers, and I haven’t had any issues with them.

After a bit of trial and error, Cloudflare dynamic DNS is up and running. The main thing that I found was that I needed to remove all of the comments from the default ddclient.conf file that is included in the Docker container. Having the additional characters after the needed information caused errors for whatever reason.

Here is what the file looks like when starting the container. Note: I removed the sections not relating to Cloudflare. There are a lot of example sections if you’re using other dynamic DNS services.

Linuxserver ddclient.conf Default Settings

##
## CloudFlare (www.cloudflare.com)
##
#protocol=cloudflare,        \
#zone=domain.tld,            \
#ttl=1,                      \
#login=your-login-email,     \ # Only needed if you are using your global API key. If you are using an API token, set it to "token" (wihtout double quotes).
#password=APIKey             \ # This is either your global API key, or an API token. If you are using an API token, it must have the permissions "Zone - DNS - Edit" and "Zone - Zone - Read". The Zone resources must be "Include - All zones".
#domain.tld,my.domain.tld

My Changes for Cloudflare Dynamic DNS

##
## CloudFlare (www.cloudflare.com)
##
protocol=cloudflare,        \
zone=mydomain.tld,            \
password='<api-key>',
mydomain.tld

I didn’t make any changes to the very beginning telling ddclient to use SSL or how often to check my personal IP address. My changes were later in the file because I was having issues with dyndns.org timing out, and with the inline comments mentioned earlier.

The comments are useful, so do what they say and make an API token with the correct DNS Read/Write permissions, and ensure the zone resources are set to “Include - All Zones”, but ensure you remove the comments after doing so.
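
The fix described above was to delete the inline comments that follow the settings in the default file. As an added example (not from the original post or from the ddclient or Linuxserver projects), this Python sketch flags active lines where a `#` comment trails the continuation backslash and returns a copy with those comments removed; the sample config, the function names and the token value are constructed for illustration.

```python
import re

# Constructed sample: the Cloudflare block from the default file after the
# leading '#' was removed from each line, with the inline comments still attached.
SAMPLE = r"""##
## CloudFlare (www.cloudflare.com)
##
protocol=cloudflare,        \
zone=mydomain.tld,          \
ttl=1,                      \
login=token,                \ # Only needed if you are using your global API key.
password=EXAMPLE-TOKEN      \ # This is either your global API key, or an API token.
mydomain.tld
"""

# A continuation backslash followed by whitespace and a '#' comment.
_TRAILING = re.compile(r"\\[ \t]+#.*$")


def find_inline_comments(text):
    """Return (line_number, line) for active lines with a comment after the backslash."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # whole-line comment, not a setting
        if _TRAILING.search(line):
            hits.append((n, line))
    return hits


def strip_inline_comments(text):
    """Remove trailing comments so the backslash is the last character on the line."""
    out = []
    for line in text.splitlines():
        if not line.lstrip().startswith("#"):
            # Keep the backslash itself, drop everything after it.
            line = _TRAILING.sub(lambda m: "\\", line)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for n, line in find_inline_comments(SAMPLE):
        print(f"line {n}: comment after continuation: {line.strip()}")
    print(strip_inline_comments(SAMPLE), end="")
```

Only comments that follow a continuation backslash are touched, so a `#` that is part of a value such as the password is left alone.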